Duo Security Integration Kit 3.x
The Duo Security Integration Kit allows PingFederate to use Duo Security for multi-factor authentication (MFA). This sign-on experience uses OpenID Connect standards and does not require or support iFrames.
|
This documentation is for Duo Security Integration Kit 3.0 and later. For earlier versions of the integration kit, see the Duo Security Integration Kit 2.2 documentation. |
Upgrade considerations
The Duo Security Integration Kit 3.0 and later no longer support the Duo Security Adapter settings reference feature or the adapter session feature. If you were using the adapter session feature previously, you can configure authentication sessions instead.
|
The authentication sessions feature doesn’t have complete feature parity with the adapter session feature. For example, the authentication sessions feature doesn’t support session sharing between composite adapters. To use authentication sessions with the Duo Security Integration Kit 3.0 and later, remove any interfering composite adapters. |
Features
-
Supports Duo’s Standard Editions and Federal Editions
-
Supports Duo’s OpenID Connect-enabled APIs.
-
Supports the Duo Universal Prompt authentication experience.
-
Supports the PingFederate Authentication API.
-
Supports the JavaScript Widget for the PingFederate Authentication API.
Components
The Duo Security IdP Adapter:
-
Allows PingFederate to redirect users to Duo Security for a multi-factor authentication (MFA) challenge during sign on.
-
Allows for MFA when single sign-on (SSO) is initiated at the identity provider (IdP) or service provider (SP).
Intended audience
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
-
The following sections of the Duo Security documentation:
-
.com/docs/protecting-applications//[Application Options - Universal Prompt]
-
.com/docs/administration//[Troubleshooting - Universal Prompt Update Progress]
-
The following sections of the PingFederate documentation: